For website visitors
MSIG Insurance Europe AG (“MSIG”) would like to thank you for visiting our website and your interest in our products. The protection of your personal data is important to us and we would like you to feel safe when you visit our website. We comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR”), German Federal Data Protection Act (“BDSG”) and German Telemedia Act (“TMG”).
In this data protection information we explain which information (including personal data) are processed by us in connection with your visit and use of our website (“website”).
I. Who is responsible for data processing?
The controller responsible for the processing of personal data under data protection law is MSIG Insurance Europe AG, which is available at:
Any reference to “we” or “us” in this data protection information is a reference to the aforementioned entity.
Our data protection officer may be contacted via the aforementioned means or via the following e-mail address:
II. Which principles do we observe?
In compliance with applicable data protection law, we only process your personal data on the basis of a statutory authorisation or if you have declared your consent.
On this website we may collect information that does not allow us to draw any direct conclusions about your person. In certain cases – especially when combined with other data – this information can be considered as “personal data” under applicable data protection law. Furthermore, we may also collect information on this website that does not enable us to identify you, directly or indirectly. This is the case, for example, with aggregated information about all users of this website.
III. Which data do we process?
You can access our website without directly entering personal data, such as your name, your postal address or your e-mail address. But also in this case we must process and store certain information to enable you to access our website. We provide general information about our company, our group of companies, our products and contact persons on our website. In this context, you will also find information on means of contact using which you can contact us, e.g. via telephone or e-mail.
When you visit our website, our web server automatically stores the domain name or IP address of the requesting computer (usually of your internet access provider). We also store date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and terminal device(s) you use to view our pages.
2. Cookies - General:
2.1. Website analysis via Matomo:
Further information on data protection at Matomo can be found here: https://matomo.org/docs/privacy/.
2.2. Processing of your data collected on this website by Google, Vimeo and Adobe Typekit in the USA
By clicking on "Accept all cookies" or accepting the functional cookies separately, you also agree that your data can be processed in the USA. On 16 July 2020, the European Court of Justice declared the EU-US Privacy Shield to be ineffective, with the consequence that the USA is considered an insecure third country without an adequate level of data protection. There is a risk that your data may be processed by US authorities for control or monitoring purposes. If you do not agree or subsequently object to the use of your data by Google and Vimeo under "Edit cookie settings", your data will not be processed in the USA. Since Adobe Typekit is an essential cookie that is required for the display of the font of the website, you can only use our website if you agree to the use of Adobe Typekit. An objection is not possible here. It is therefore theoretically possible that data in connection with the font could be processed in the USA.
3. Getting in touch:
Where you use one of the means specified on our website to get in touch, we process any personal data which may be in your message and communicated by you (e.g. your e-mail address, your name, your telephone number) in order to process and answer your inquiry.
IV. For which purposes and on which legal basis do we process your personal data?
1. Any personal data which may be contained in the logfiles are processed to enable you to use our website; this processing is based on Section 15 (1) TMG and on Article 6 (1 f) GDPR for the purposes of our legitimate interest in operating our website.
2. The data collected using cookies and the pseudonymised use profiles are processed for the purposes of shaping our website in line with needs on the basis of Section 15 (3) TMG and Article 6 (1 f) GDPR for the purposes of our legitimate interest in analysing the use of our website. The processing of your data collected on this website by Google, Vimeo and Adobe Typetik in the USA will only take place with your express consent on the basis of Art. 49 para. 1 a) GDPR.
3. Data are processed to handle an inquiry for the purposes of our legitimate interest in establishing and maintaining business contacts on the basis of Article 6 (1 f) GDPR. If your inquiry relates to the conclusion of a contract or pre-contractual measures, we process your personal data on the basis of Article 6 (1 b) GDPR.
4. Where we give you the possibility to grant consent to the processing of personal data, we process the data covered by the consent for the purposes set out in the consent; this processing is based on Article 6 (1 a) GDPR.
Please note that
- the granting of consent to us is voluntary;
- not granting consent or revoking it at a later date may nevertheless have consequences about which we inform you before consent is granted; and
- any consent granted to us can be revoked at any time, taking effect on the future, e.g. by communication by post, fax or e-mail using the means of contact set out in the data protection information.
5. We may process the data processed in connection with your use of our website also for compliance with legal obligations to which we are subject. This processing is based on Article 6 (1 c) GDPR.
6. Otherwise we process your data beyond the above-mentioned purposes also to safeguard our legitimate interests or the interests of third parties; this processing is based on Article 6 (1 f) GDPR. Our legitimate interests include the following:
a) establishment of legal claims and defence in legal disputes;
b) prevention and investigation of criminal offences; and
c) control and further development of our business operations including risk control.
V. Am I obliged to provide data?
For the handling of your inquiry to us it is necessary for you to provide a means of contact. Without this information we will not be able to process your inquiry.
If we also collect personal data from you, we will inform you whether the provision of this information is based on a legal or contractual obligation or is necessary for the conclusion of a contract. We indicate which information can be provided voluntarily and is not based on one of the above-mentioned obligations or is not necessary to conclude a contract.
VI. Who receives my data?
Your personal data are processed within our company. Depending on the categories of personal data, only dedicated departments have access to your personal data. Such departments include in particular the departments responsible for our websites and the contact persons designated on our website and our IT department.
To the extent permitted by law, we may transfer your personal data also to third parties outside of our company. These external recipients may include the following in particular
- affiliated companies, such as MS&AD Insurance Group Holdings, Inc. (Japan) and Mitsui Sumitomo Insurance Co. Limited (Japan), to which we may transfer personal data for internal administration purposes;
- service providers used by us which – on the basis of separate agreements with us – provide services which may include the processing of personal data, as well as subcontractors of our service providers which are used with our consent; and
- private and public bodies, to the extent that we are obliged to transfer your personal data on the basis of legal obligations.
We ensure that also the external recipients of personal data observe the obligations under data protection law in accordance with this data protection information.
VII. Are data transferred to countries outside the EU/the EEA?
Personal data are processed generally within the European Union or the European Economic Area.
Only in connection with the processing of personal data within our group of companies and the use of service providers to provide web analysis services may information be transferred to recipients in so-called “third countries”. “Third countries” mean countries outside the European Union or the Agreement on the European Economic Area, where a level of data protection comparable to that in the European Union cannot be assumed.
If the information transferred also contains personal data, we ensure before such a transfer that the necessary adequate level of data protection is guaranteed in the respective third country or with the recipient in the third country. This may result in particular from a so-called “adequacy resolution” of the European Commission, which establishes an appropriate level of data protection for a certain third country as a whole. Alternatively, we can also base data transmission on the so-called “EU standard contractual clauses” agreed with a recipient. We will provide you with further information on the suitable and appropriate guarantees for maintaining an appropriate level of data protection upon request. Please find the contact details at the beginning of this data protection information. Information on the “EU standard contractual clauses” can be found under https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=DE and information on the adequacy decisions under https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.
VIII. How long are my data stored?
We store your personal data as long as we have a legitimate interest in this storage and your interests in refraining from further storage do not prevail.
Even without a legitimate interest, we may continue to store the data, if there is a legal obligation (e.g. to comply with statutory storage obligations). We delete your personal data even without any action on your part as soon as they are no longer necessary to satisfy the purpose of processing or the storage is otherwise not permitted by law.
- log data are deleted if further storage is not required for purposes provided by law, such as the detection of misuse and the detection and rectification of technical faults; and
- the data processed in the context of an inquiry to us are deleted after expiry of the statutory storage periods.
Personal data which we must store to satisfy legal obligations are stored up to the end of the respective storage obligation. Where we store personal data exclusively to satisfy storage obligations, they are usually blocked so that they are only accessible for the purpose of the storage obligation.
IX. What are my rights?
a) Right to object according to Article 21 GDPR
You have the right to object at any time to the processing of your personal data under Article 6 (1) e) or f) GDPR. In the event of your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing which prevail over your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
b) Other rights
As a data subject, you may
- request access to your stored personal data, Article 15 GDPR;
- request the rectification of incorrect data, Article 16 GDPR;
- request the erasure of your personal data, Article 17 GDPR;
- request the restriction of processing, Article 18 GDPR and
- exercise your right to data portability, Article 20 GDPR.
To exercise these rights you can contact us or our data protection officer at any time, e.g. using one of the means of contact provided the beginning of this data protection information.
In addition, you are entitled to lodge a complaint with a supervisory authority responsible for data protection, Article 77 GDPR.
Information on the processing of your application data
In the following, we provide you with information on the processing of your personal data by MSIG Insurance Europe AG and your rights under data protection law.
Who is responsible for data processing and how can you reach the data protection officer?
Which categories of data do we use and where do they come from?
The categories of personal data processed include in particular your master data (such as first name, surname, name affixes and nationality), contact data (such as private address, (mobile) telephone number, email address) as well as the data of the entire application procedure (letter, references, questionnaires, interviews, qualifications and previous jobs). Where you have also voluntarily provided special categories of personal data (such as health data, religion, degree of disability) in the application letter or during the course of the application procedure, data will only be processed if you have given your consent to this or a legal basis so justifies.
Your personal data are usually collected directly from you during the hiring process. We can also have obtained data from third parties (e.g. job agency) to whom you have provided your data for the purposes of forwarding. If you are applying on our career website, please also refer to the Data Protection Information for website visitors besides the present information.
For which purposes and on which legal foundation are data processed?
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG, in the version applicable from 25.05.2018) as well as all other pertinent acts (e.g. Works Constitution Act - BetrVG, General Equal Treatment Act - AGG etc.).
Data processing primarily serves the purpose of conducting and handling the application procedure and determining the extent to which a candidate is suitable for the respective position. It is necessary to process your application data so as to be able to decide on whether to enter into an employment relationship. The prime legal foundation here is provided by Art. 6 (1) b) GDPR in conjunction with Section 26 (1) BDSG. In addition, it may be necessary to obtain your separate consent under Art. 6 (1) a), 7 GDPR in conjunction with Section 26 (2) BDSG as permission provision under data protection law.
Where necessary, we also process your data on the basis of Art. 6 (1) f) GDPR in order to safeguard justified interests of ours or of third parties (e.g. authorities).
We are also obliged by virtue of the European Anti-terrorism Regulations 2580/2001 and 881/2002 to compare your data against the so-called “EU terror lists” to ensure that in future no monies or other economic resources are provided for terrorist purposes.
The processing of special categories of personal data (e.g. health data) is based on your consent in accordance with Art. 9 (2) a) GDPR in conjunction with Section 26 (2) BDSG, unless statutory foundations such as Art. 9 (2) b) in conjunction with Section 26 (3) BDSG are pertinent.
Your application data will be treated confidentially at all times. We will notify you beforehand should we wish to process your personal data for a purpose which is not mentioned above.
Who receives your data?
Within our company only those individuals and offices (e.g. technical unit, representative for the severely disabled) receive your personal data which require such for the hiring decision and to satisfy our pre-contractual, contractual and statutory duties.
In addition, we may also make use of different service providers as part of the application process. A list of the contractors and service providers we use and with whom a not only temporary business relationship exists can be obtained on request using the above mentioned contact data.
Which data protection rights may you assert as data subject?
You can obtain information on your stored personal data from the above mentioned address. You may also request that your data be rectified or erased under certain circumstances. You may also have a right to restriction of processing your data and a right to receive the data provided to you in a structured, commonly used and machine-readable format.
Right to object
If we process your data to safeguard our justified interests, you can object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise and defence of legal claims.
Who can you complain to?
You have the possibility to address a complaint to the above mentioned data protection officer or to a data protection supervisory authority. The data protection supervisory authority responsible for us is as follows:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(Regional officer for data protection and freedom of information in North Rhine-Westphalia)
How long are your data stored?
We delete your personal data six months after completion of the application procedure unless an employment relationship comes about. This shall not apply if statutory provisions are contrary to deletion or the further storage is necessary for purposes of evidence or you have given your consent to a longer storage period.
If we are unable to offer you any free position, but are of the opinion based on your profile that your application could be of relevance to future job offers, we will process your personal application data for 24 months in our applicants’ database if you have given us your explicit consent hereto.
Will your data be transmitted to a third country?
If we transmit personal data to Group companies outside of the European Economic Area (EEA), the transmission shall be made only to the extent that the third country has been confirmed as having a suitable level of data protection by the EU Commission or where other suitable data protection guarantees (e. g. binding internal data protection provisions or EU standard contractual clauses) exist. You can request detailed information on this using the above mentioned contact information.
Are you obliged to provide your data?
As part of your application you must provide the personal data which are necessary to conduct the application procedure and assess suitability. Without these data we will be unable to conduct the application procedure and make a decision on entering into an employment relationship.